Waldo 96 #1 Posted July 15, 2018 Hello, I just got an email, purportedly from Google. ----- Subject line is: Review blocked sign-in attempt ----- Content is: Hi, Google just blocked someone from signing into your Google Account <my-email>@gtempaccount.com from an app that may put your account at risk. Less secure app Sunday, July 15, 2018 8:44 AM (Vietnam Time) Phường 3, Gò Vấp, Ho Chi Minh City, Vietnam*Don't recognize this activity? If you didn't recently receive an error while trying to access a Google service, like Gmail, from a non-Google application, someone may have your password. ----- Next, there is a link to 'secure your account'. Which surprises me; it's good advice never to click on any links in these kind of emails (who knows where they're coming from). The link does go to https://accounts.google.com/AccountChooser?Email=... however, which seems a legit google URL? Which if it is legit, seems bad form to me, as Google are training people to click on links within potential phishing emails. Also, would be shocked if someone got my email, it's 30 characters of randomness. It is stored in an offline password manager, and also stored in my Firefox account. I'm thinking that could be a weak link. Presumably someone would only need to know my Firefox account login credentials, and voila, they have all my stored passwords. Probably best not to keep anything important in there. I also just turned on 2FA for Firefox account, so I'm guessing that means I can sign in from any new device without completing 2FA? Share this post Link to post Share on other sites Share this content via...
*Wallace* 333 #2 Posted July 15, 2018 I would go to your account in your usual way and change your password. Share this post Link to post Share on other sites Share this content via...
Waldo 96 #3 Posted July 15, 2018 I would go to your account in your usual way and change your password. Thanks. Yep, that was the first thing I did. Also need to make sure I have 2FA switched on for the account. Share this post Link to post Share on other sites Share this content via...
IT-Smith 10 #4 Posted July 16, 2018 To view the recent login activity, click "Details" on the bottom right of the mail page. https://support.google.com/mail/answer/45938?hl=en Check it looks ok and the IP address's belong to you or your ISP. Share this post Link to post Share on other sites Share this content via...
iansheff 86 #5 Posted July 16, 2018 Forward it to Google, they will have a security link for you to report suspicious mails. Share this post Link to post Share on other sites Share this content via...